Microsoft Defies Court Order, Will Not Give Emails to US Government

Despite a federal court order directing Microsoft to turn overseas-held email data to federal authorities, the software giant said Friday it will continue to withhold that information as it waits for the case to wind through the appeals process. The judge has now ordered both Microsoft and federal prosecutors to advise her how to proceed by next Friday, September 5.

"Microsoft will not be turning over the email and plans to appeal," a Microsoft statement notes. "Everyone agrees this case can and will proceed to the appeals court. This is simply about finding the appropriate procedure for that to happen."

On Friday, however, she lifted that suspension after prosecutors successfully convinced her that her order was not appealable. The removal of the suspension legally requires Microsoft to hand over the email immediately.

This is the first time a technology company has resisted a US search warrant seeking data that is held outside the United States.

In the view of Microsoft and many legal experts, federal authorities have no jurisdiction over data stored outside the country. It says that the court order violates Ireland's sovereignty and that prosecutors need to seek a legal treaty with Ireland in order to obtain the data they want.

Judge Preska of course feels differently, and she has consistently agreed with the prosecution argument that the physical location of email is irrelevant because Microsoft controls the data from its base in the United States.

Of perhaps more importance is the faith and trust of Microsoft's customers from around the world. Like other technology companies that are pushing cloud services, Microsoft has been negatively impacted by reports about US governmental spying and its ability to seize data stored in cloud datacenters. It has asked governments from around the world to stop these practices and respect privacy rights. And as its faced resistance on that front, Microsoft has grown increasingly more suspicious of governmental requests for data.

Discuss this Article 27

Good for Microsoft. If the government cannot prove its case apart from fishing for emails stored in Ireland, it is difficult to see that the government has a case at all. Burden of proof is on the government, clearly--defendant has no legal obligation to prove his innocence.

There's no doubt the government will get their hands on the data legally or through other means. That's not really up for debate. My thoughts are that if Microsoft was really serious about privacy, it would be protecting this data with perfect forward encryption that would make it near useless even under the government's microscope.

This is fascinating to follow, and will have lots of serious ramifications. Imagine if a US company had U-Store-it lockers around the world. Say you, a US citizen, rented one in Canada, to keep camping gear in for when you went north. Would the US Gov be allowed to demand access to that locker in Canada? Without involving Canada? Would they be able to go there and search it? Could they demand the US company to go get the contents and provide it? Could China demand MS provide access to Chinese citizen's Hotmail that happened to be stored here? How about e-mail between a Chinese citizen and his US acquaintance? I'm certainly no lawyer, but these are interesting questions that would seem to be governed by international law, and can't be solely arbitrated be US courts.

Absolutely. Microsoft did not help give themselves a consistent position when they directly accessed the content of that French bloggers Hotmail account in order to track that Activation Server leak, especially if trying to sell the legal theory that the user "owns" their own data.

It's not an email account held by an Irish customer. Microsoft maintains major datacenters in Ireland.
And a company has the obligation to police its own intellectual property according to its terms of service. The US government, though, has intentionally kept digital data privacy rights vague, and treated US companies as surveillance agents.

This has serious implications. If the US government is successful, then the trust in the cloud has just gone out the window for most businesses - especially non US.

The only way after that Microsoft will make this work, is to open a datacenter in every country they intend to have cloud services available and somehow register and run it as a sovereign business of that country, which can be protected under that countries law.

The cloud business will be fine. They'll just be forced to finally respond to consumer demands that they implement perfect-forward encryption or something along those lines. Many European cloud companies have already done this.

This is a generalized US problem: just because USA is a capitalist country does not mean it owns capitalism. One of the basic rules of capitalism is that the market reacts, no matter how much a government "dickers" around with it. The same applies to any "sanction" on a US enemies, in this case Microsoft. The markets can and will react and there is nothing the USA or anyone else can do about it. It is supremely ironic that the bastion of free enterprise should be attempting to violate such a fundamental law.

I think this one will take a while and it needs cases like this for it to get the attention it needs globally.

In the end I think it needs to be limited to a persons actions while domiciled in a country.
ie. emails sent while that person is in country. The governments rights over people is based on that persons geographical location. US laws cease to be relevant once a person leaves US soil and vice-versa.

Actually a US Citizen is subject to US law the world over. Drug and arms trafficking, sex tourism, bribing foreign officials, money laundering, aiding terrorists are all areas where US law is applied to the actions of a US citizen on foreign soil. We don't know what this case is about, but my guess it falls into one of those categories. That said, Microsoft could escape future claims like this by re-incorporating in another country. Ironically Ireland would be a good choice.

A U.S. citizen is indeed subject to U.S. law wherever they may be... but they're also subject to the laws of whatever country they're in and U.S. laws may not be (and likely aren't) enforceable there. In instances such as this, MS abiding by (a questionable application of) U.S. law would likely violate the laws of Ireland.

Then you better also be ready to stop any usage of Apple, Google, Amazon, Yahoo, eBay, etc. Actually, you should probably stop using the internet entirely, as it's very unlikely that your internet usage doesn't either transit the U.S., a server or router owned by a U.S. company, or a server or switch of U.S. manufacturer. This is especially true of traffic that is crossing international borders.

What makes you think that the e-mails in question had anything whatsoever to do with the U.S. government? Everything I've seen suggest that what was requested was the e-mails from an individual user's account, not a government user. The government doesn't use Hotmail as their e-mail provider... they have plenty of their own e-mail servers that are in their own control.

I wonder how long it will take Microsoft to decide the US government is just too much of a PITA to deal with and like so many other companies move their data centers to another country. I support Microsoft. The US Government is over stepping their bounds again.

Perhaps this points up the need for an international government, constitution and set of laws that subscribing nations would escalate to - past the individual nation's Supreme court. You would think the United Nations would take some of this on, but they seem to be dragging their feet and pretty powerless. Mabye it is time for a more comprehensive UN constituion and police force. Sure you can do inidividual treaties beween nations governing particular situations but international law right now seems a bit like the old wild west in the US. Crackers hiding behind different borders, regulations and attitudes. Just something for the next generation.to start digesting.

Azure Master Class

Every organization is currently evaluating how they can utilize the public cloud, what it means, and how to actually get started. This 12 session Master Class will equip you with everything you need to understand, evaluate, deploy and maintain environments that utilize Microsoft Azure including hybrid scenarios.